Python 3.9.3 and 3.8.9 are now available

Those are expedited security releases, recommended to all users.


Be Careful with Python’s New-Style String Format

This should have been obvious to me for a longer time, but until earlier today I did not really realize the severity of the issues caused by str.format on untrusted user input. It came up as a way to bypass the Jinja2 Sandbox in a way that would permit r...
